Principal Digital Security Architect

Encora


Job Location:

Kuala Lumpur - Malaysia

Monthly Salary: Not Disclosed
Posted on: 14 hours ago
Vacancies: 1 Vacancy

Job Summary

Key Responsibilities
1. API & Ecosystem Architecture
The API Fortress: Architect the security layer for our API Gateway (e.g. Kong, Apigee, AWS Gateway). Define global policies for Rate Limiting, Throttling and Authorization (preventing BOLA/IDOR attacks).
Supply Chain Security: Design secure integration patterns for our 3rd-party partners (Fintechs, Credit Bureaus, Payment Processors). Ensure their insecurities do not become our breaches.
Microservices Mesh: Define how our internal services trust each other. Move from Network Trust to Cryptographic Trust using mTLS and Service-to-Service authentication.

2. Identity & Access Management (CIAM)
Identity Strategy: Own the architecture for Customer Identity (CIAM). Design flows for Biometric Binding, Adaptive MFA and Step-Up Authentication for high-value transactions.
Token Lifecycle: Define the standards for OAuth 2.0 and OpenID Connect (OIDC). Ensure we are using Financial-grade API (FAPI) standards for token issuance, revocation and storage.

3. Secure Development Lifecycle (SDLC)
Threat Modeling: Lead Whiteboard Hacking sessions with product owners. Identify business logic flaws (e.g. race conditions in ledgers, bypassable KYC steps) before a single line of code is written.
Paved Roads: Work with DevOps to architect secure-by-default libraries. (Example: Create a standard Encryption Wrapper library that all developers must use so they don't invent their own crypto.)

4. Data Privacy & Cryptography
Data Defense: Define the architecture for Field-Level Encryption (FLE) in the database for PII and Banking Secrets.
Privacy Engineering: Architect systems that support the Right to be Forgotten (GDPR/CCPA) without breaking the immutability of the financial ledger.

Strategic Deliverables
Identity Patterns: Deliver new security design patterns and components for authentication, authorization, SSO, MFA and Partner security to ensure seamless and secure user access.
Mobile & Edge: Deliver new security design patterns and components for Mobile security, ensuring consistency between iOS, Android and the backend.
Modern Tech Stack: Deliver API, container, cloud and AI security design patterns to support the bank's move toward intelligent cloud-native infrastructure.

What We Are Looking For

1. The Background
8 Years Experience: A mix of Software Engineering and Security Architecture.
Ex-Developer: You must be able to read code (Java, Kotlin, React or ).
Banking/Fintech Experience: Strong preference for candidates who have secured payment gateways, ledgers or wallets.

2. The Technical Skills
API Security: Deep mastery of REST and GraphQL security.
Auth Protocols: You can draw the OAuth 2.0 Authorization Code Flow with PKCE from memory. You understand JWT signing and JWKS key rotation.
Mobile Security: Understanding of how mobile apps store secrets (KeyStore/Keychain) and how to prevent API abuse from emulators/bots.

3. The Mindset
Business Aligned: You understand that a bank exists to process transactions. You design security that reduces risk without destroying the User Experience (UX).
Pragmatic: You know when to demand a Blocker fix and when to accept a Risk Acceptance waiver.


Required Experience:

Staff IC

About Company

As Encora Inc. expands its footprint in Latin America, its acquisition of Nearsoft provides our clients with a unique chance to Nearshore on a global scale.